Release Processes and Management
DESelect maintains a formal Change Management process that outlines the requirements for making application and infrastructure changes and is planned by respective team coaches. Changes are supported by an internal ticketing system and the process consists of the identification, preparation, peer validation, staging, and testing of the change prior to moving the change into production.
Software releases are managed by the CTO.
Emergency changes are executed by a senior engineer (situation owner) and supported by an emergency change process. The emergency change process supports for a fix in the production environment to control the situation as soon as possible. Post implementation, the change goes through the regular change management process for a full analysis of the correct working of the applied change.
New features are released once a month.
Additional improvements are released every 2 weeks.
Patches are released daily.
Patching and Upgrade Processes / Schedules
DESelect applies a patching policy supported by regular patch management meetings to ensure timely and controlled patching of vulnerable systems or applications. Vulnerabilities for network and infrastructure elements as well as application layer are closely monitored and systems are patched or a workaround is applied as soon as possible. DESelect follows the Continuous Deployment principle, with multiple non-interrupting deploys per day/week. The infrastructure is architected in a fully redundant way, allowing updates and maintenance without affecting the overall service delivery. Multiple vulnerability listings are followed in order to detect new issues. Main Sources (but not limited to) are: CVE list, Qualys, Secunia & SANS Institute. In addition, vulnerability scans from external networks are performed on a monthly basis.